cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12397,https://securityvulnerability.io/vulnerability/CVE-2024-12397,Cookies vulnerability could lead to unauthorized data access or modification,"A vulnerability in Quarkus-HTTP has been identified, where improper parsing of cookies occurs due to certain value-delimiting characters in HTTP requests. This issue enables attackers to create specially crafted cookie values that could facilitate the exfiltration of HttpOnly cookie values or allow the spoofing of arbitrary additional cookie values. These actions may lead to unauthorized access or alterations of sensitive data, significantly affecting the confidentiality and integrity of the data being handled.",Red Hat,"Cryostat 3,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Streams For Apache Kafka",7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-12-12T09:05:28.451Z,0
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T10:00:51.745Z,0
CVE-2024-7885,https://securityvulnerability.io/vulnerability/CVE-2024-7885,Undertow ProxyProtocolReadListener Vulnerability,"A notable vulnerability exists in the Undertow HTTP server related to the handling of multiple requests over the same HTTP connection. The issue stemmed from the misuse of a shared StringBuilder instance within the ProxyProtocolReadListener, specifically during the process of handling requests in the parseProxyProtocolV1 method. This flaw can lead to information leakage, where sensitive data from a preceding request may be inadvertently included in a subsequent response. The consequence is not only potential data exposure but also issues with connection stability, as errors may arise during processing, affecting overall application performance in environments that handle multiple requests concurrently.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0009800000116229057,false,false,false,false,,false,false,2024-08-21T14:13:36.579Z,0
CVE-2024-3653,https://securityvulnerability.io/vulnerability/CVE-2024-3653,Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks,"A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Streams For Apache Kafka",5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-07-08T21:21:20.899Z,0
CVE-2024-5971,https://securityvulnerability.io/vulnerability/CVE-2024-5971,Undertow Vulnerability Leads to Denial of Service Attack,"A vulnerability exists in Undertow that can lead to a denial of service scenario. This occurs when chunked responses hang after the body is flushed. Although the response headers and body are sent successfully, the client continues to wait for the termination of the chunked response, which does not occur as expected. This behavior is particularly problematic in Java 17 environments utilizing TLSv1.3, as it results in uncontrolled resource consumption on the server side, potentially leaving it vulnerable to service disruption.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-07-08T20:51:29.223Z,0
CVE-2024-6162,https://securityvulnerability.io/vulnerability/CVE-2024-6162,Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken,"A vulnerability in Undertow affects the processing of URL-encoded request paths on the AJP listener when handling concurrent requests. The issue stems from the sharing of a buffer used for decoding paths across multiple requests, which may result in the server misinterpreting the path, leading to errors like '404 Not Found' or other application failures. This flaw can hinder access to legitimate resources, potentially resulting in a denial of service. Organizations relying on Undertow for handling AJP traffic should assess their systems for exposure to this vulnerability.",Red Hat,"Eap 8.0.1,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-06-20T14:33:10.342Z,0
CVE-2023-5675,https://securityvulnerability.io/vulnerability/CVE-2023-5675,"Quarkus: authorization flaw in quarkus resteasy reactive and classic when ""quarkus.security.jaxrs.deny-unannotated-endpoints"" or ""quarkus.security.jaxrs.default-roles-allowed"" properties are used.","A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.",Red Hat,"Red Hat Build Of Quarkus 2.13.9.final,Red Hat Build Of Quarkus 3.2.9.final,A-MQ Clients 2,Cryostat 2,Openshift Serverless,Red Hat Build Of Optaplanner 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Service Registry,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-04-25T16:15:00.000Z,0
CVE-2024-1249,https://securityvulnerability.io/vulnerability/CVE-2024-1249,Millions of Requests in Seconds: Keycloak OIDC Flaw Affects Application Availability,"A vulnerability exists in the OIDC component of Keycloak that permits unvalidated cross-origin messages via the 'checkLoginIframe' functionality. This security oversight allows attackers to orchestrate and dispatch an overwhelming volume of requests in a very short time span, which could severely compromise the availability of the affected application. The flaw stems from the lack of proper validation of incoming messages, raising concerns about its potential to facilitate denial-of-service attacks.",Red Hat,",Red Hat AMQ Broker 7,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhoss-1.33-rhel-8,Rhsso 7.6.8,Migration Toolkit For Applications 6,Migration Toolkit For Applications 7,Red Hat Build Of Apicurio Registry,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Developer Hub,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Streams For Apache Kafka",7.4,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-04-17T13:22:48.335Z,0
CVE-2024-1132,https://securityvulnerability.io/vulnerability/CVE-2024-1132,Keycloak Flaw Allows Attackers to Bypass Validation and Access Sensitive Information,"A security vulnerability has been identified in Keycloak, where improper URL validation in redirects could enable an attacker to exploit this flaw. This issue particularly affects clients that utilize wildcards in the Valid Redirect URIs field, which could allow malicious requests to bypass intended restrictions. As a result, sensitive information may be accessed without authorization, potentially leading to further attacks. User interaction is necessary to trigger this vulnerability, making it essential for users and administrators to be informed about securing their implementations of Keycloak.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Jboss A-MQ 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",8.1,HIGH,0.0004600000102072954,false,false,false,false,,false,false,2024-04-17T13:21:19.130Z,0
CVE-2024-1300,https://securityvulnerability.io/vulnerability/CVE-2024-1300,Memory Leak in TLS and SNI Support in Eclipse Vert.x Toolkit Allows Attackers to Trigger JVM Out-of-Memory Error,"A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Openshift Serverless,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",5.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-04-02T08:15:00.000Z,0
CVE-2024-1023,https://securityvulnerability.io/vulnerability/CVE-2024-1023,Memory Leak Vulnerability in Eclipse Vert.x Toolkit,"A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Migration Toolkit For Runtimes,Openshift Serverless,Red Hat AMQ Broker 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-27T07:51:15.716Z,0
CVE-2023-5685,https://securityvulnerability.io/vulnerability/CVE-2023-5685,Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service,"A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.",Red Hat,"Eap 7.4.14,Red Hat Build Of Apache Camel 4.4.0 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.3 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-03-22T18:24:42.696Z,0
CVE-2024-1635,https://securityvulnerability.io/vulnerability/CVE-2024-1635,Undertow Vulnerability Impacts Wildfly-HTTP-Client Server,"A vulnerability has been identified within Undertow that affects servers utilizing the WildFly HTTP Client protocol. The issue occurs when a malicious actor exploits the behavior of connection handling, causing the server to exhaust its memory and file descriptor limits. This situation arises when a connection is opened and immediately closed at the HTTP port, leading to leaked connections via the WriteTimeoutStreamSinkConduit. Notably, if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener, the connection's outermost layer fails to notify the Undertow conduit of the closure. Consequently, this lack of notification allows the timeout task to continue leaking connections through the XNIO WorkerThread, resulting in a prolonged impact on the server's resource consumption. Organizations are urged to address this vulnerability promptly to safeguard against potential denial-of-service scenarios.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Streams For Apache Kafka",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-02-19T21:23:14.496Z,0
CVE-2024-1459,https://securityvulnerability.io/vulnerability/CVE-2024-1459,Potential Path Traversal Vulnerability in Undertow Could Allow Access to Privileged Files,"A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",5.3,MEDIUM,0.0009899999713525176,false,false,false,false,,false,false,2024-02-12T20:30:03.768Z,0
CVE-2023-6291,https://securityvulnerability.io/vulnerability/CVE-2023-6291,Keycloak: redirect_uri validation bypass,"A flaw has been identified in the redirect_uri validation logic within Keycloak, a product developed by Red Hat. This vulnerability could potentially allow attackers to bypass explicitly allowed hosts, leading to unauthorized access. If exploited, it may enable the theft of access tokens, thereby allowing attackers to impersonate legitimate users and compromise sensitive data. Organizations using Keycloak should ensure they are aware of this issue and implement appropriate security measures to mitigate the risks associated with this vulnerability.",Red Hat,"Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.7,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Single Sign-on 7.6.6,Migration Toolkit For Applications 6,Migration Toolkit For Applications 7,Openshift Serverless,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Process Automation 7",7.1,HIGH,0.0017099999822676182,false,false,false,false,,false,false,2024-01-26T14:23:43.185Z,0
CVE-2023-5379,https://securityvulnerability.io/vulnerability/CVE-2023-5379,Undertow: ajp request closes connection exceeding maxrequestsize,"A vulnerability exists in JBoss EAP affecting the handling of AJP requests that exceed the max-header-size attribute. This flaw allows an attacker to trigger an error state in mod_cluster, resulting in JBoss EAP closing the TCP connection and failing to return an AJP response. Attackers can exploit this by repeatedly sending oversized requests, leading to potential Denial of Service situations where legitimate user requests are disrupted.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Fuse 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot",7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2023-12-12T22:15:00.000Z,0
CVE-2023-3223,https://securityvulnerability.io/vulnerability/CVE-2023-3223,Undertow: outofmemoryerror due to @multipartconfig handling,"A vulnerability has been identified in Undertow, where servlets annotated with @MultipartConfig may lead to an OutOfMemoryError during processing of large multipart content submissions. This flaw can enable unauthorized users to launch remote Denial of Service attacks. Importantly, if file size thresholds are employed to restrict uploads, attackers can bypass these limits by manipulating the request to set the file name to null, thus exploiting this weakness.",Red Hat,"Red Hat Fuse 7.12.1,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6.5,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Openstack Platform 13 (queens) Operational Tools,Red Hat Process Automation 7,Red Hat Support For Spring Boot",7.5,HIGH,0.011149999685585499,false,false,false,false,,false,false,2023-09-27T15:18:00.000Z,0
CVE-2022-4245,https://securityvulnerability.io/vulnerability/CVE-2022-4245,Codehaus-plexus: xml external entity (xxe) injection,A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.,Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",4.3,MEDIUM,0.0034099998883903027,false,false,false,false,,false,false,2023-09-25T19:20:57.329Z,0
CVE-2022-4244,https://securityvulnerability.io/vulnerability/CVE-2022-4244,Codehaus-plexus: directory traversal,"A directory traversal vulnerability exists within the Codeplex-Codehaus product, enabling attackers to exploit the flaw by using sequences such as 'dot-dot-slash (../)' or absolute file paths. This could allow unauthorized access to sensitive files and directories beyond the designated folder structure. Exploitation of this vulnerability can potentially expose critical resources, including application source code, configuration files, and other sensitive system files, posing significant risks to system security and integrity.",Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",7.5,HIGH,0.001120000029914081,false,false,false,false,,false,false,2023-09-25T19:20:04.703Z,0
CVE-2023-4853,https://securityvulnerability.io/vulnerability/CVE-2023-4853,Quarkus: http security policy bypass,"A vulnerability in Quarkus has been identified where HTTP security policies fail to correctly sanitize certain character permutations in incoming requests. This flaw may lead to the incorrect evaluation of permissions, enabling an attacker to circumvent the security policy. Such exploitation could allow unauthorized access to sensitive endpoints and potentially trigger a denial of service.",Red Hat,"Openshift Serverless 1 On Rhel 8,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus 2.13.8.sp2,Red Hat Camel Extensions For Quarkus 2.13.3-1,Red Hat Openshift Serverless 1.30,Rhel-8 Based Middleware Containers,Rhint Camel-k-1.10.2,Rhint Service Registry 2.5.4 Ga,RHPam 7.13.4 Async,Red Hat Process Automation 7",8.1,HIGH,0.00406000018119812,false,false,false,false,,false,false,2023-09-20T10:15:00.000Z,0
CVE-2023-1108,https://securityvulnerability.io/vulnerability/CVE-2023-1108,Infinite loop in sslconduit during close,"A vulnerability has been identified within Undertow, affecting its SSL Conduit. This flaw stems from an unexpected handshake status update, which can cause an infinite loop, thereby resulting in a Denial of Service. Malicious actors could exploit this vulnerability to prevent legitimate access to the service, leading to disruptions. Users of Undertow are advised to apply the latest patches to mitigate the risk associated with this issue.",Red Hat,"undertow,Red Hat JBoss Enterprise Application Platform 7,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8,Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9,Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7,Red Hat JBoss Fuse 7,Red Hat Single Sign-On 7,Red Hat Single Sign-On 7.6 for RHEL 7,Red Hat Single Sign-On 7.6 for RHEL 8,Red Hat Single Sign-On 7.6 for RHEL 9,RHEL-8 based Middleware Containers,Text-Only RHOAR,Red Hat build of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Service Registry,Red Hat JBoss Data Grid 7,Red Hat JBoss Enterprise Application Platform Expansion Pack,Red Hat JBoss Fuse 6,Red Hat OpenStack Platform 13 (Queens),Red Hat Process Automation 7",7.5,HIGH,0.004100000020116568,false,false,false,false,,false,false,2023-09-14T15:15:00.000Z,0
CVE-2022-1415,https://securityvulnerability.io/vulnerability/CVE-2022-1415,Drools: unsafe data deserialization in streamutils,"A security flaw exists in Drools Core where certain utility classes fail to implement appropriate safety measures during data deserialization. This vulnerability permits an authenticated attacker to craft malicious serialized objects, often referred to as gadgets, which can then lead to unauthorized code execution on the server. Proper safeguards should be implemented to mitigate risks associated with this vulnerability.",Red Hat,"RHPam 7.13.1 Async,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7",8.1,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2023-09-11T20:20:23.745Z,0